Design Packet Filtering for DirectAccess

Applies To: Windows 7, Windows Server 2008 R2

Important

This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (https://go.microsoft.com/fwlink/?LinkId=179988).

Packet filtering must be modified for multiple components on your network to allow the following types of traffic:

• DirectAccess client traffic to and from DirectAccess servers on the Internet

• DirectAccess server traffic to and from the intranet

• Encapsulated DirectAccess client traffic to and from the intranet

• Teredo discovery traffic for DirectAccess clients located behind network address translators (NATs)

• Management server traffic to DirectAccess clients

The following topics describe the required packet filtering for each of these types of traffic:

• Packet Filters for Your Internet Firewall

• Packet Filters for Your Intranet Firewall

• Confining ICMPv6 Traffic to the Intranet

• Packet filters for Teredo Connectivity

• Packet Filters for Management Computers